CCG’s recommendations to the TRAI Consultation Paper on Privacy, Security and Ownership of Data in the Telecom Sector – Part II

In this series of blogposts, we discuss CCG’s responses and recommendations to the TRAI (available here), in response to their Consultation Paper on Privacy, Security and Ownership of the Data in the Telecom Sector. We focus on the principles and concerns that should govern the framing of any new data protection regime, whether limited to the telecom sector or otherwise.

In our previous blogpost, the first of the series, we discussed the background against which we have provided our responses and recommendations. In this post, we look at whether there is a need for a separate regulatory framework for data within the telecom sector, and the jurisdiction and powers of the TRAI.

We note that the Consultation Paper makes several references to stakeholders / players in the digital / telecommunications eco-system that are not traditional telecommunication service providers. These include online content / application service providers, device manufacturers, and providers of online communication services, operating systems, browsers. The Consultation Paper poses several questions about the regulation of data use and processing by such stakeholders.

In this context, we have examined the role and responsibilities of the TRAI beyond the regulation of traditional telecommunication service providers.

The preamble to the Telecom Regulatory Authority of India Act, 1997 (TRAI Act) states that the law is meant to “provide for the establishment of the Telecom Regulatory Authority of India and the Telecom Disputes Settlement and Appellate Tribunal to regulate the telecommunication services, adjudicate disputes, dispose of appeals and to protect the interests of service providers and consumers of the telecom sector, to promote and ensure orderly growth of the telecom sector and for matters connected therewith or incidental thereto”.

Telecommunication services have been defined to mean “service of any description (including electronic mail, voice mail, data services, audio tax services, video tax services, radio paging and cellular mobile telephone services) which is made available to users by means of any transmission or reception of signs, signals, writing, images and sounds or intelligence of any nature, by wire, radio, visual or other electromagnetic means”[1]. Broadcasting services have been excluded from the definition of telecommunication services[2].

Service providers means either the government as a service provider, or a licensee[3] – which refers to any person licensed to provide telecommunication services under the Indian Telegraph Act, 1885[4].

Section 11 of the TRAI Act describes the functions of the TRAI. These functions are divided into two broad areas: (i) making recommendations of certain matters, and (ii) regulatory functions. The regulatory functions largely deal with monitoring compliance with the telecom licenses, and other functions of service providers.

The TRAI’s powers to make recommendations extend to the following matters:

  • need and timing for introduction of new service provider;
  • terms and conditions of licence to a service provider;
  • revocation of licence for non-compliance of terms and conditions of licence;
  • measures to facilitate competition and promote efficiency in the operation of telecommunication services so as to facilitate growth in such services;
  • technological improvements in the services provided by the service providers;
  • type of equipment to be used by the service providers after inspection of equipment used in the network;
  • measures for the development of telecommunication technology and any other matter relatable to telecommunication industry in general;
  • efficient management of available spectrum

We note that most of the above matters deal specifically with functions of service providers. However, as mentioned above, telecommunication services do include some services beyond those provided by traditional telecommunication service providers – such as electronic mail and voice mail among others.

In this context, we would argue that the functions and powers of the TRAI would not extend to making recommendations regarding, or regulating online content and application providers, device manufacturers or other businesses that do not provide communication services.

At best, the TRAI may derive powers to make recommendations regarding based on questions posed in the Consultation Paper, under sub-section (iv) which provides the TRAI with the authority to make recommendations on improving efficiency of telecommunication services.

In our next posts in this series, we will discuss principles that we believe any data protection regulation, irrespective of the sector it applies to, should address. We also note that as Indian businesses grow and adopt new technology, they are increasingly beginning to function across sectors. In this context, we recommend that a basic data protection law that is applicable horizontally across sectors and regions, to cope with these cross-sectoral business models.  Where required, additional regulations may be made applicable to collection and processing of sector specific sensitive personal data.

[1] Section 2(1)(k) of the Telecom Regulatory Authority of India Act, 1997

[2] Section 2(1)(k) of the Telecom Regulatory Authority of India Act, 1997

[3] Section 2(1)(j) of the Telecom Regulatory Authority of India Act, 1997

[4] Section 2(1)(e) of the Telecom Regulatory Authority of India Act, 1997

This message is only visible to admins.

Problem displaying Facebook posts.
Click to show error

Error: Error validating access token: The user has not authorized application 1332798716823516.
Type: OAuthException
Subcode: 458
Solution: See here for how to solve this error